Performing Patching in a Disconnected Environment

If you have a console that is operating in a disconnected environment, you must perform a few extra steps before the console is ready to be use for patch management tasks.

1. Install and activate the console.

See:

• Performing a New Installation
• Activating the Program
2. Update the program files.

Another option is to use a distribution server.

1. On a Ivanti Security Controls console that is connected to the internet, update the current data files on it by selecting Help > Refresh files.
   This will download the latest scan engines and XML data files to C:\ProgramData\Ivanti\Security Controls\Console\DataFiles.
2. Copy all the files in this folder to a media that can be transported to the disconnected console.
3. Copy all the files to the same folder on the disconnected console.
3. Download missing patches.

Once the data files are updated on the disconnected console you can begin performing patch scans of your inside (non-networked) machines. Before you can deploy missing patches you must locate and transfer the missing patches to the disconnected console.

1. Use Machine View to view the list of missing patches.
2. Export the list of missing patches to a .csv file by selecting all missing patches and then using the Export selected patches to CSV right-click menu.
   You can use the .csv file as a reference when downloading the patches from the Internet-facing console. Another option is to generate a report that lists the missing patches.
3. On the Internet-facing console, use the Patch View smart filters to locate the patches that are missing on the disconnected console.
4. Right-click the patches and download them to the Internet-facing console.
   The downloaded patches are stored in the following directory:

C:\ProgramData\Ivanti\Security Controls\Console\Patches

5. Copy all the files in this folder to a media that can be transported to the disconnected console.
6. Copy all the files to the same folder on the disconnected console.

The disconnected console can now deploy patches to the inside machines.

Tip: Using the sideload process is another option for copying the files to the disconnected console.

Related Topics

• Console Software and Hardware Recommendations
• Port Requirements and Firewall Configuration
• Distributed Environment Management
• Agentless Patch Management
• Best Approach for Applying Patches in an Agentless Environment
• Automating Patch Management in an Agentless Environment
• Agent-Based Patch Management
• Agent Rollout Options
• Installing and Supporting Agents on Internet-Based Machines
• Agent-Based Product Level and Patch Deployment Process
• Guide to Surviving Patch Tuesday
• Microsoft SQL Server Database Maintenance